HBO: poisoning BT downloads
p2p news / p2pnet:- HBO is actively poisoning the BitTorrent downloads of the new show Rome, says O’Reilly Radar.
In addition to an older tactic of offering bogus downloads that never complete, HBO is now obstructing the downloads offered by other people, says a post from nat, which goes on:
HBO runs peers that tell the tracker they have all the chunks of the show, but then send garbage data when a downloader requests a chunk. The downloading client can detect that it’s garbage and will try another peer for the chunk, but the end result is that it takes much much longer to download shows.
But this isn’t HBO’s first effort at blocking online distribution, says nat, pointing to a “you’re busted” letter from HBO.
Pretty scary to think about how much of your communication is/can be monitored, says a link to a Gen Kanai blog entry where the ‘busted’ letter was first posted. [Note: the link to the letter wasn’t working when we tried to check it out].
“I guess it’s best to assume that everything that isn’t encrypted can be monitored by your ISP,” says the blog. Of course, it’s worse when you’re on a cable ISP, because they’re also providing the pipe for HBO to their customers, so it’s only natural that they monitor their networks for customers who are torrenting pay-tv shows.
HBO’s latest isn’t its first, but it’s the most active, says O’Reilly Radar. But, it continues, downloaders are fighting back.
Systems like Peer Guardian let you manage blacklists of bogus peers, it says. It will also autodetect new bogus peers. At the end of this post I’ve included one such list of known-bad peers, found on a discussion of a failing Rome download. There are a lot of IPs involved in this! You’ll see companies like Media Sentry who are agents for the media companies in tracking down and stopping illegal filesharing activity, as well as a large number identified just as HBO.
PeerGuardian is only the start. I think the approach to poison peers will be the same as to spamming mail relays. We’ll see distributed blacklists with a reputation system managing the blacklists. It’s beginning to emerge informally. The fact that bogus fragments are so easily detected (every fragment has a guaranteed-correct checksum provided by the person who originally seeded it) means that there’s no messy Bayesian spam detection algorithms or grayboxes. If you send me a bogus fragment, you’re obviously evil. The problem then becomes determining which reports of poison peers are bogus. Any success HBO has in the download wars will be shortlived, as I expect to see software implementing this kind of distributed automatic blacklisting soon.
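The per-piece checksum test and the "bogus fragment means ban" rule described above, as an added sketch that is not part of the O’Reilly Radar post or any real client's code. It assumes each piece arrives whole from a single peer; the piece size, ban threshold, peer addresses (documentation ranges) and payload are all constructed.

```python
import hashlib
from collections import Counter

PIECE_LEN = 16   # constructed toy size; real torrents use far larger pieces
BAN_AFTER = 2    # assumed policy: ban a peer after this many bad pieces


def piece_hashes(data: bytes) -> bytes:
    """Seeder side: concatenated 20-byte SHA-1 digests, one per piece."""
    return b"".join(hashlib.sha1(data[i:i + PIECE_LEN]).digest()
                    for i in range(0, len(data), PIECE_LEN))


class Downloader:
    def __init__(self, hashes: bytes):
        self.expected = [hashes[i:i + 20] for i in range(0, len(hashes), 20)]
        self.pieces, self.failures = {}, Counter()
        self.banned, self.wasted = set(), 0

    def receive(self, peer: str, index: int, payload: bytes) -> bool:
        """Accept a piece only if its SHA-1 matches the seeder's digest."""
        if peer in self.banned or index in self.pieces:
            return False
        if hashlib.sha1(payload).digest() != self.expected[index]:
            self.wasted += len(payload)          # bandwidth lost, data not corrupted
            self.failures[peer] += 1
            if self.failures[peer] >= BAN_AFTER:
                self.banned.add(peer)
            return False
        self.pieces[index] = payload
        return True

    def assemble(self) -> bytes:
        return b"".join(self.pieces[i] for i in range(len(self.expected)))


def simulate():
    """Constructed run: a poisoning peer and an honest peer offer every piece."""
    original = bytes(range(70))                  # constructed 70-byte "file"
    dl = Downloader(piece_hashes(original))
    for i in range(len(dl.expected)):
        good = original[i * PIECE_LEN:(i + 1) * PIECE_LEN]
        dl.receive("198.51.100.7", i, b"\x00" * len(good))  # garbage first
        dl.receive("192.0.2.10", i, good)                   # then the real piece
    return dl, original
```

The finished file is byte-identical to the original; the only cost of the poisoned pieces is the discarded bandwidth counted in `wasted`, which stops growing once the peer is banned.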
Here’s the O’Reilly Radar list.
Stay tuned.
See:-
O’Reilly Radar – HBO Attacking BitTorrent Permalink, October 04, 2005





October 7th, 2005 at 1:50 pm
when some students – probably paid by the cartels – cracked the hash of a .torrent file, i predicted here this type of thing would happen.
and boy did i get flamed.
see?
October 7th, 2005 at 2:56 pm
lol, you forgot the ‘na na na’ at the end of the ‘I told you so’, otherwise that was a pretty good impression of a 10 year old.
October 7th, 2005 at 3:16 pm
Crack? BitTorrent just uses a sha-1 encryption algorithm, which is well documented.
October 7th, 2005 at 5:04 pm
earlier this year, chinese students cracked it and were able to manipulate it as these reports prove.
at the time, i was told off by a bunch of people saying that it couldn’t be done.
so…na na na.
October 7th, 2005 at 5:50 pm
and you are still wrong; this has nothing to do with corrupting the sha-1 hash. They have their own bt clients that just send out bad data; your client still bans the data. It’s just that they have so many clients with huge amounts of bandwidth, and they can change their ip address in mid stream, so it’s hard for your bt client to just ban them. All this does is slow the transfer down; it doesn’t stop. If it was corrupting the stream, it would finish with garbage.
October 7th, 2005 at 8:36 pm
This is what they SHOULD be doing!… it’s their copyrighted work, and rather than suing people, HBO is just poisoning the downloads, to make it harder for people to download it.
This is the right way to deal with this… and it’s unfortunate that the RIAA/etc. aren’t just doing the same…
Put that stupid “convince people to pay us” center to real work, by poisoning downloads! XD
This way, less copyrighted stuff would be downloaded… and more legitimate things would continue.
October 8th, 2005 at 9:10 am
They still have no way of generating data to a known hash. They just found collisions in way under 2^80 steps, which is the normal collision strength for SHA-1. (They got it down to 2^63, which is 131072 times faster, but still needs a fast computer)
This attack only gives you 2 unique datablocks, which have the same hash, but you can’t specify the hash in advance. So this does not work on bittorrent, where all hashes are known in advance. It only would work if the attacker creates the file; but then it is much easier to distribute garbage in the first place.
Conclusion: Can you still trust SHA-1 as checksum? Yes. Can you trust SHA-1 as tamperproof signature? No, because the signer can tamper with it.
October 8th, 2005 at 5:15 pm
umm, no, this has nothing to do with any sort of hash crack.
If that was the case, we’d be seeing totally corrupt downloaded files, since the ‘bad blocks’ would have the same hash as ‘good blocks’ causing corruption even though the blocks are always being checked.
If BT proto had smaller blocks, say 100K instead of 1/2 Meg, the impact of bad blocks would be much less since you’d know you were connected with a bad peer sooner… but at least they are being detected and dropped eventually.
October 8th, 2005 at 7:23 pm
Yeap, they have gotten a way to try and make it a bit more pain in the butt. I guess those that have cable won’t be long in figuring out where the source of the data is being gotten from as far as identifying ips. If they continue this tactic I would expect people to leave the cable for adsl. Good move HBO! Think the cable companies that rent internet access will be happy with this one when subscription rates drop for cable internet access?
October 9th, 2005 at 5:23 am
I’m still snickering. Does anyone else see the irony inherent in this post?
October 9th, 2005 at 5:34 am
Regarding Blocking: One might as well block 38.0.0.0/8 CIDR. This is the old PSINet mega-block of IPs. Virtually none of these are used by ISPs providing service to individuals. I block 4.0.0.0/8, 8.0.0.0/8, 12.0.0.0/8, and 16.0.0.0/8 as well. There are some individuals in the 4 and 12 /8s, but most of the rest are businesses and such. AT&T is stubbornly holding on to the 12 /8 despite having no justification to do so, once they abandoned providing real internet connectivity to the backbone and left the Cable Television business.
October 9th, 2005 at 5:48 am
This particular countermeasure is about as effective as having Jack Valenti stand in the street in front of your house wagging his finger and saying, “Tut, tut, you shouldn’t do that I’m shocked and appalled.”
Seriously though, every BT client has a feature that detects peers that chronically send bad data and ‘ignores’ them. Some can also send reports of such conduct to the tracker, and if the tracker is so enabled, the tracker can then ignore the bad seed and it won’t get any more IP info and will eventually be connected to nothing.
If one wants to take more countermeasures against bad seeds, one could code an application that constantly barrages the bad seed with status requests, retransmit requests, ‘new’ requests for the same piece over and over. If it’s DHT enabled, an application can barrage the bad seed with DHT functions.
Eventually, the bad seed will think you are an idiot and put your IP on its ban list and ignore you. After all, that’s what you want, isn’t it?
–TG
October 9th, 2005 at 7:55 pm
The rot has set in, the people are empowered and their generous nature will strangle the last dying breath from the industry in its tenacious death throes.
October 12th, 2005 at 9:36 pm
As it happens, in some countries (Scandinavia) downloading music, films and tv shows for your private use is perfectly legal thing to do.
Then from the other hand privacy laws are very strict: monitoring network traffic, interfering with data transmissions etc. are against the law. Maybe someone should sue HBO etc. instead.
May 12th, 2006 at 2:23 am
You guys need to check out I2P and Ants P2P.
http://i2p.net/ is an anonymous network with a BitTorrent client already built in, and will provide “militant grade” anonymity in the near future (already provides enough to create plausible deniability). Performance can be an issue because it’s first and foremost an anonymous network layer.
http://antsp2p.sourceforge.net/ is first and foremost an anonymous P2P network, using the same concepts that made BitTorrent so successful. This tool has the most hope of becoming the next killer P2P application because it’s basically anonymous BitTorrent.
The problem with either solution is that you’re all still using clients that can be easily tracked by people like HBO, MediaSentry, and SafeNet (just take a look at PeerGuardian logs and you’ll see that they’re probing you). So please do your homework and start adopting the anonymous networking clients so we can all benefit and share freely once again. Of course nothing is 100% anonymous, but these programs introduce so much complexity that even if an anti-p2p agency were to spend the time and money to track every packet you sent and received, there is so much plausible deniability that they would not have any grounds for a case.
Bottom line: Give Ants P2P (or another anonymous P2P network) a try and don’t give up so quickly. The available file pool cannot grow until more people see the light and start using the next generation P2P tools… while avoiding the possibility of legal headaches.
June 21st, 2007 at 12:55 pm
Looks like it’s time for everybody who cares about P2P to cancel their subscription to HBO. These clowns act as if they sell an essential product. It’s just TV. It’s just entertainment. It’s not food, water or shelter. We don’t need them. Their product is superfluous.
Since the media giants declared war on P2P I personally:
No longer buy music CDs.
Have cancelled subscription to satellite TV service.
No longer buy or rent DVDs.
I don’t miss any of these services. Let’s all cut these bozos off at the knees. Without revenue from US, they will die. These fools have declared war on the very people who once were their best customers. How stupid do you have to be to do that?